Input validation error in Discourse - CVE-2022-24824
Published: April 14, 2022 / Updated: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a partial denial of service.
The vulnerability exists due to improper input validation in the request handling and caching logic when handling a maliciously formed request. A remote attacker can send a specially crafted request to cause a partial denial of service.
Anonymous users may be served the crawler view of the site instead of the normal HTML page.